[Bug 273440] ftp/curl: add '--without-ca-path' and '--without-ca-bundle' when CA_BUNDLE is disabled

Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Wed, 30 Aug 2023 07:17:18 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=273440

            Bug ID: 273440
           Summary: ftp/curl: add '--without-ca-path' and
                    '--without-ca-bundle' when CA_BUNDLE is disabled
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: Individual Port(s)
          Assignee: sunpoet@FreeBSD.org
          Reporter: michael.osipov@siemens.com
             Flags: maintainer-feedback?(sunpoet@FreeBSD.org)
          Assignee: sunpoet@FreeBSD.org

When CA_BUNDLE is disabled curl -- thus --with-ca-fallback is passed,
unfortunately, tries to locate a CA certs store automatically and finds one on
FreeBSD. This defeats the purpose of using the default store of the underlying
OpenSSL installation.

I have raised this question on the curl mailing list:
https://curl.se/mail/archive-2023-08/0011.html

The lines:
> 153 .if !${PORT_OPTIONS:MCA_BUNDLE} && (${PORT_OPTIONS:MGNUTLS} || ${PORT_OPTIONS:MOPENSSL})
> 154 CONFIGURE_ARGS+=--with-ca-fallback
> 155 .endif

need to be changed to:
> 153 .if !${PORT_OPTIONS:MCA_BUNDLE} && (${PORT_OPTIONS:MGNUTLS} || ${PORT_OPTIONS:MOPENSSL})
> 154 CONFIGURE_ARGS+=--with-ca-fallback --without-ca-path --without-ca-bundle
> 155 .endif

I can create a patch for this.

-- 
You are receiving this mail because:
You are the assignee for the bug.